Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.4.6.CR1, 7.4.6.GA
Affects Version/s: 7.4.5.GA
Component/s: Security
Labels:
- JDK17
- test_included

Blocked:
False
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
QE Test Coverage:
+
Target Release:

7.4.z.GA
Git Pull Request:
https://github.com/jbossas/wildfly-core-eap/pull/1150
Steps to Reproduce:
Hide

Use the Elytron defined ManagementRealm which is needed with JDK17.

# Run server: ./standalone.sh

Add management user: ./add-user.sh jbond pass007

Try to connect: ./jboss-cli.sh -c --user=jbond --password=pass007
Output:

Failed to connect to the controller: Unable to authenticate against controller at localhost:9990: Authentication failed: all available authentication mechanisms failed: DIGEST-MD5: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication

Reload: ./jboss-cli.sh -c --commands=reload

Try to connect again: ./jboss-cli.sh -c --user=jbond --password=pass007
Success: [standalone@localhost:9990]
Show
Use the Elytron defined ManagementRealm which is needed with JDK17. # Run server: ./standalone.sh Add management user: ./add-user.sh jbond pass007 Try to connect: ./jboss-cli.sh -c --user=jbond --password=pass007 Output: Failed to connect to the controller: Unable to authenticate against controller at localhost:9990: Authentication failed: all available authentication mechanisms failed: DIGEST-MD5: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication Reload: ./jboss-cli.sh -c --commands=reload Try to connect again: ./jboss-cli.sh -c --user=jbond --password=pass007 Success: [standalone@localhost:9990]

SFDC Cases Counter:
SFDC Cases Links:

After adding management user customer needs to reload server to be able to log in with the created user. This is regression compared to previous version 24.

This affects obviously web console users as well.

In the old implementation the lastModified method was used to reload the properties file if needed (see here). But when switching to elytron this is not done anymore.

The full reload of the server can be avoided just re-loading the properties realm used for management:

/subsystem=elytron/properties-realm=ManagementRealm:load()

clones

JBEAP-22603 Adding management user newly requires reload

Verified

WFCORE-5650 Adding management user newly requires reload

Closed

is incorporated by

JBEAP-23557 (7.4.z) Upgrade WildFly Core from 15.0.13.Final-redhat-00001 to 15.0.14.Final

Closed

relates to

JBEAP-23625 (7.4.z) WFCORE-5694 - RealmsTestCase fails on Mac

Verified

WFWIP-463 Adding user with add-user.sh newly requires reload

Closed

JBEAP-23624 (7.4.z) WFCORE-5715 - Fix permission check failures that occur in the properties realm with the security manager enabled

Reopened

(1 relates to)

Assignee:: Ilia Vassilev

Reporter:: Ilia Vassilev

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2022/05/25 7:23 PM

Updated:: 2023/01/03 5:13 AM

Resolved:: 2022/06/07 9:15 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates